Infrastructure concerns face aviation industry

Travel delays at airports throughout the US offer a glimpse of how challenging it is to maintain a streamlined – but safe – travel industry.

Mobility is important to the economy and to enterprise. About two million passengers pass through 450 airports in the US each day. More than just a passenger pat-down, airport security involves the facility, its carriers, cargo and ground handling capabilities. As business and leisure travellers check monitors, protocols carried out at each level of an aviation facility aim to deter a lone wolf attack, or an organised terrorist plot.

In testimony of the Office of the Inspector General (OIG) concerning the Transportation Security Administration (TSA), Inspector General John Roth notes, “nowhere is the asymmetric threat of terrorism more evident than in the area of aviation security”.

Slow improvement in national airport security

In June 2016, remarks by the inspector general and TSA administrator Peter Neffenger, before the Committee on Homeland Security, highlighted slow improvement at the TSA last year.

The TSA came under close scrutiny in 2015 when internal audits revealed airport screeners failed to detect mock explosives and weapons in 67 out of 70 attempts, creating a failure rate of approximately 95 percent. Penetration testing is essential for gauging the effectiveness of emergency preparedness on the ground or in cyber space.

While noting improvement in recent months, the inspector general also notes that ongoing problem areas for the TSA include checkpoints, which are recognised as the best means of threat detection. Improvement of TSA performance in covert checkpoint assessment is crucial. A further area for improvement was determining risk. According to the OIG, “the hard truth is that in the vast majority of the instances, the identities of those who commit terrorist acts were simply unknown to or misjudged by the intelligence community”.

Some assessment rules that currently guide the TSA are based on “questionable assumptions about relative risk”. The OIG notes that the TSA allows passengers into Precheck lanes without sufficient risk assessment. The TSA method of “managed inclusion” is currently under reform as the agency complies with some recommendations made by the OIG. The OIG stresses there is no better means of checkpoint risk management than individual assessment.

Budget, contract and personnel management

In his testimony, Mr Roth noted significant problems with contract oversight, personnel screening and management, and equipment maintenance and integration by the TSA. For passengers frustrated by long lines at TSA checkpoints this summer, Mr Roth notes, “the long lines we are seeing this summer are not mysterious: TSA, because of the decisions it made in 2014 and 2015, has fewer screeners but is facing more passenger volume than ever before”.

Despite lapses, the TSA identifies weaponry and prohibited carry-on items every day. In one week in August this year, 63 firearms (including 57 that were loaded) were confiscated from carry-on luggage passing through airports across the country.

The importance of aviation cyber security

As financial, business and retail enterprises grapple with an uptick in criminal cyber activity, legislators and federal agencies look at strengthening transportation cyber security and threat assessment.

Computer glitches and power outages caused delays and snarled air traffic across the US when Delta and Southwest Airlines were not able to effectively respond to computer difficulties this summer. Such glitches could shut down air traffic, delay the shipping of goods and have a huge economic impact on a wide range of industries and financial markets. Around the globe, other sectors of the transport industry, like commercial shipping, could suffer ongoing impact from similar technological and legal glitches that delay cargo and scuttle commerce.

While these delays were not due to a targeted attack, a serious attempt at disrupting US air traffic is only a matter of time. In April of this year, Massachusetts senator Ed Markey introduced legislation that would create standards for airline cyber security.

The measure, called the Cyber AIR Act, is based partly on research conducted by Senator Markey that concluded vulnerabilities may exist in areas that include: security clearance and assessment of software installers; standards for penetration testing; communication between airlines and federal or regulatory agencies; security of avionics systems, hardware and software; and information sharing between airlines.

Legacy airline, security and infrastructure systems cannot keep pace with amplified threat levels at ports of entry around the world. The Cyber AIR Act supports passenger and crew safety, empowers the US Federal Aviation Administration (FAA) to create digital security standards and requires airlines to disclose cyber threat, or attack, to federal officials.

Notes Senator Markey: “We know that terrorists and others that mean to do us harm will try to exploit any loophole or technological advance in our transportation systems, so we must continually bolster the standards and practices of the airline industry to ensure the safety and security of passengers on board commercial aircraft”.

The events of 11 September 2001 tragically remind Americans and the global community of the dangers of weaponised aviation. Long waits at security checkpoints are annoying, but the delay in securing critical aviation infrastructure could be deadly.

Cheryl Tyler is the chief executive officer of CLT 3 Consulting. She can be contacted on +1 (240) 481 7756 or by email: cheryl.tyler@clt3consulting.com.